Active Directory Federation Services

Applies To: Windows Server 2008 R2

Active Directory® Federation Services (AD FS) is a component in the Windows Server® 2008 operating system that provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session.

Hierarchy of Managed Entities

Managed Entities

| Name | Description |
| --- | --- |
| Federation Service | The Federation Service is a component of Active Directory Federation Services (AD FS) that can be installed independently from other AD FS components. The Federation Service functions as a security token service (STS). |
| Federation Service Proxy | The Federation Service Proxy is a component of Active Directory Federation Services (AD FS) that can be installed independently from other AD FS components. The Federation Service Proxy functions as a proxy in a perimeter network (also known as a demilitarized zone or a screened subnet) for the Federation Service. |
| Web Agent for Claims-Aware Applications | The claims-aware agent is used on a Web server that hosts a claims-aware application to allow the querying of Active Directory Domain Services (AD DS) security token claims. A claims-aware application is a Microsoft ASP.NET application that uses claims that are present in an Active Directory Federation Services (AD FS) security token to make authorization decisions and provide additional application personalization. |
| Web Agent for Windows NT Token-Based Applications | The Windows token-based agent is used on a Web server that hosts a Windows NT token-based application. The agent supports conversion from an Active Directory Federation Services (AD FS) security token to an impersonation-level Windows NT access token. A Windows NT token-based application is an application that uses Windows-based authorization mechanisms. |